Interview

I'm updating NearbyGamers to Rails 1.2.1. Nothing broke except my use of assert_tag in my tests; it's been long-regarded as squicky and has been replaced with assert_select. As I'm tidying up some deprecated code, it occurs to me that this makes for an interesting example of how I feel Rails is changing.

Rails is growing inwards and upwards, not just outwards. They're finding better, terser, more Rails-ish ways to express things. They're not piling on features, they're condensing. I've mentioned that this is what coding in Rails continually feels like: sometimes it just feels off even though it works and is nicer than other languages, and soon I realize a beautiful Right Way to do it.

Where Rails gained new features, the developers have redesigned functionality to make me think, "Wow, of course, that's obviously much nicer" and it does more because it's better-designed. Let me give you an example using assert_tag.

This is the fourth in a series of interviews we're making available to the CodeSnipers community. It's quite a bit different from our previous ones which focused on Open Source developers, Project Mangers, and general community contributors. This gentleman is a bit more fired up and has something to say. Without further delay... we have the Wall Street Programmer.

When your blog launched in November '05, you titled it "Thoughts, insights and justified profanity from a Wall Street Programmer". What are a few aspects that make software development on Wall Street different from other places and/or industries?

Sofware development on Wall Street seldom follows the fads and keyword technologies of proper software shops. Only now is the season of the dying breed of C++ developer being replaced by a new wave of Java centered managerial decisions. This is enirely too late as compared to other software developer domains. As I've stated in my post about traders, much of the software here is seen as a necessary evil...a means to an end. Just write the thing in whatever way is fastest, make sure it's relatively stable and runs fast, and shove it out the door...

This is the third in a series of interviews we're making available to the CodeSnipers community. We have been working to track down people who we thought had something valuable to say about the software development community, tools, practices, or direction. Some of the names you will recognize immediately, others you've probably never heard of, but all of them have made an impact in one way or another. Without further delay... we have Chris Shiflett author of Essential PHP Security.

Security is one of those things that many developers think to "bolt on" after the main system has been developed. What is the proper way to think about web application security?

Security isn't much different than other abstract concerns such as performance, maintainability, and reliability. None of these characteristics can be added very easily to an existing application - they need to be considered during every stage of development. (It's like trying to add wisdom to a child.)

They're also difficult to measure. The measure of an application's security is its ability to predict and prevent security problems before they are exploited. It's an ongoing process that begins with a solid design.

This is the second in a series of interviews we're making available to the CodeSnipers community. We have been working to track down people who we thought had something valuable to say about the software development community, tools, practices, or direction. Some of the names you will recognize immediately, others you've probably never heard of, but all of them have made an impact in one way or another. Without further delay... we have Mike Ho the lead developer of Qcodo.

Qcodo had its debut at the Zend/PHP Conference in October and few in our community were there. Can you tell us about how Qcodo came about and what it does?

Well at the risk of sounding like “yet another PHP framework”, Qcodo is in fact a PHP development framework.

It is focused on allowing development teams create good, solid prototypes in a ridiculously short amount of time, and for giving developers a toolset to mature these prototypes into full-fledge enterprise-level applications.

At its core, Qcodo is broken down into two main parts: the Code Generator and Qforms. The Code Generator focuses on analyzing your database to create basic Create, Restore, Update and Delete (CRUD) functionality. Qforms is an object-oriented stateful, event-driven architecture to handle web page and HTML forms processing, similar to .NET or Java Struts. Both obviously work with each other seamlessly. But you could definitely choose to just use one or just the other.

The entire framework originally started out over 4 years ago as just a simple but robust Microsoft SQL Server and ASP code generator while I was working as an independent contractor. Since then, it has been rearchitected and greatly improved upon throughout the years, first being ported to ASP.NET. Over a year ago it was redesigned specifically for PHP 5 and has been made into a full-fledged development framework for use with the many projects I have been fortunate enough to work on. Throughout Qcodo’s life it has been used on a wide variety of projects on all these platforms, from small startups to Fortune 500 companies like Covad and Lockheed Martin and large government agencies like Chicago Public Schools and NASA.

Earlier this year, I was fortunate enough to be invited to speak at the MySQL User’s Conference, where I talked about the code generator, specifically, and how code generation techniques could be used to greatly accelerate enterprise application development. The feedback was so overwhelming, not only for the technique, but for the code generator itself, that I realized that the market has a huge need for not just the code generator, but an entire framework like Qcodo to be open sourced. So I spent the next couple of months cleaning up the code and ensuring that it was clear of any proprietary or IP constraints, and released it as an open source framework in time for the Zend/PHP Conference.

This is the first in a series of interviews we're making available to the CodeSnipers community. We have been working to track down people who we thought had something valuable to say about the software development community, tools, practices, or direction. Some of the names you will recognize immediately, others you've probably never heard of, but all of them have made an impact in one way or another. Without further delay... our first victim... er... is Tom Copeland of the PMD project.

Some of our community may be familiar with the Java tool PMD, but many are not. Could you tell us a bit about PMD and your role in the project?

Sure! PMD is a utility for finding various "opportunities for improvement" in Java source code. It uses static analysis, meaning that it parses and analyses the source code without actually running the program, to find unused code, unnecessary object creation, and bad practices. You can run it using Ant/Maven/command line/various IDEs and generate text, HTML or XML reports.